Adding a cluster relationship enables two clusters, a target and a source cluster, to automatically synchronize user keychains. Cluster relationships enable high availability of keychain data among geographically distributed clusters, and facilitate recovery in case of disaster.

Before you begin

You must be a Super Admin in the Cloud Administration Console.

At least two clusters must exist in your RSA SecurID Access deployment.

Each cluster must contain at least one fully configured identity router.

Each cluster must have high availability (HA) enabled.

Decide which cluster will be the source cluster, and which will be the target cluster. Consider the following factors.

During disaster recovery, the target cluster provides recovery data for the source.

For HA relationships, clusters can be source and target for each other. For bidirectional HA, a second cluster relationship designates cluster B as the source, and cluster A as the target. For unidirectional HA, one cluster relationship designates cluster A as the source cluster, and cluster B as the target cluster.

Procedure

In the Cloud Administration Console, click Platform > Clusters.

Click Cluster Relationships.

From the Source Cluster drop-down list, select a cluster from which to send keychain data to be synchronized on the target cluster.

From the Target Cluster drop-down list, select the cluster to receive and synchronize the keychain data locally.

The Port field is read-only and displays the listening port on the target cluster.

In the Timeout field, specify the number of seconds that the source cluster attempts to synchronize with an unresponsive target cluster before failing.

To add another cluster relationship, click ADD and repeat steps 3 through 5.

Click Save.

(Optional) To publish this configuration change and immediately activate it on the identity router, click Publish Changes.

Results

After publishing, keychain synchronization occurs in the background. Each time keychain credentials in the source cluster are changed, a new synchronize operation updates the target cluster.